Skip to main content

Incorrect Conversion between Numeric Types

CVE-2023-3635

Severity High
Score 7.5/10

Summary

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to Denial Of Service of the Okio client when handling a crafted GZIP archive, by using the "GzipSource" class. This issue affects com.squareup.okio:okio versions prior to 3.4.0.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-681 - Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Advisory Timeline

  • Published